Mercurial > prosody-modules
annotate mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua @ 6084:4c0e3fe57e92
mod_compliance_latest: Gracefull error logging on missing dependency.
diff --git a/mod_compliance_latest/README.md b/mod_compliance_latest/README.md
--- a/mod_compliance_latest/README.md
+++ b/mod_compliance_latest/README.md
@@ -9,13 +9,15 @@ rockspec:
# Introduction
-This module will always require and load to the lastest compliance tester we have in the community modules.
-Currently this is [mod_compliance_2023].
+This meta-module will always `require` (and therefore auto-load) the lastest compliance tester we have in the community modules.
+Currently this is [mod_compliance_2023]. See the linked module for further details.
+
+If you do not use the *Prosody plugin installer* this module will likely have limited value to you.
+You can also just install the current compliance tester manually.
# Configuration
-Just load this module as any other module and it will automatically install [mod_compliance_2023] if you use the Prosody plugin installer.
-See the linked module for further details.
+Just load this module as any other module and it will automatically install and load [mod_compliance_2023] if you use the *Prosody plugin installer*.
# Compatibility
diff --git a/mod_compliance_latest/mod_compliance_latest.lua b/mod_compliance_latest/mod_compliance_latest.lua
--- a/mod_compliance_latest/mod_compliance_latest.lua
+++ b/mod_compliance_latest/mod_compliance_latest.lua
@@ -1,1 +1,6 @@
-module:depends("compliance_2023");
+local success, err = pcall(function() module:depends("compliance_2023") end)
+
+if not success then
+ module:log("error", "Error, can't load module: mod_compliance_2023. Is this module downloaded in a folder readable by prosody?")
+ return 1, "Error: Couldn't load dependency mod_compliance_2023."
+end
| author | Menel <menel@snikket.de> |
|---|---|
| date | Mon, 23 Dec 2024 12:58:03 +0100 |
| parents | c9397cd5cfe6 |
| children |
| rev | line source |
|---|---|
|
2204
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 module:set_global() |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 local hosts = prosody.hosts; |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 module:hook("s2s-check-certificate", function(event) |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 local session, cert = event.session, event.cert; |
|
4675
c9397cd5cfe6
mod_s2s_auth_samecert: Handle lack of provided client certificate
Kim Alvefur <zash@zash.se>
parents:
2234
diff
changeset
|
7 if not cert or session.direction ~= "incoming" then return end |
|
c9397cd5cfe6
mod_s2s_auth_samecert: Handle lack of provided client certificate
Kim Alvefur <zash@zash.se>
parents:
2234
diff
changeset
|
8 |
|
2204
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 local outgoing = hosts[session.to_host].s2sout[session.from_host]; |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 if outgoing and outgoing.type == "s2sout" and outgoing.secure and outgoing.conn:socket():getpeercertificate():pem() == cert:pem() then |
|
2234
3024116d6093
mod_s2s_auth_samecert: Log which s2sout has a matching cert
Kim Alvefur <zash@zash.se>
parents:
2204
diff
changeset
|
11 session.log("debug", "Certificate matches that of s2sout%s", tostring(outgoing):match("[a-f0-9]+$")); |
|
2204
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 session.cert_identity_status = outgoing.cert_identity_status; |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 session.cert_chain_status = outgoing.cert_chain_status; |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 return true; |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 end |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 end, 1000); |
